CN103650634B - Network management system (NMS) - Google Patents
- Publication number: CN103650634B
- Authority: CN (China)
- Prior art keywords: network, network management, nms, management equipment, management device
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/462—LAN interconnection over a bridge based backbone
- H04L12/4625—Single bridge functionality, e.g. connection of two networks over a single bridge
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/37—Managing security policies for mobile devices or for controlling mobile applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/16—Gateway arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
A network management system (NMS) is provided that uses a wireless network management device holding multiple security policies, so that the device can be used simultaneously in networks of multiple security levels, security is ensured without installing an external firewall, and the effort of setting up and using a redundancy network is saved. The network management system consists of: a 1st network (NW1) to which factory management devices (11, 12) are connected; a 2nd network (NW2) to which field devices (51 to 5n) are connected; and wireless network management devices (61, 62) that have a firewall function and are connected to the 1st network (NW1) and the 2nd network (NW2).
Description
Technical field
The present invention relates to a network management system, and more specifically to the security management of a network.
Background art
Fig. 3 is a block diagram showing an example of an existing network built on the industrial automation wireless communication standard ISA100.11a. Factory management devices 11 and 12 are connected to the 1st network NW1, and these factory management devices 11 and 12 constitute the 1st security zone SA1.
The 1st network NW1 is connected to the 2nd network NW2 via a firewall 21.
Wireless network management devices 31 and 32 are devices that have the system management function and the gateway function of ISA100.11a; they manage the wireless network and exchange information with the devices on the wireless network.
In addition, the wireless network management devices 31 and 32 are connected to the 2nd network NW2 and also to the 3rd network NW3.
A maintenance terminal 4 is also connected to the 3rd network NW3. The wireless network management devices 31 and 32 and the maintenance terminal 4 constitute the 3rd security zone SA3.
The 3rd network NW3 is connected to the 4th network NW4 via a firewall 22.
Field devices 51 to 5n are connected to the 4th network NW4. These field devices 51 to 5n constitute the 5th security zone SA5.
Here, the firewalls 21 and 22 are placed on the boundaries between the networks in order to satisfy the different security policies of the 1st security zone SA1, the 3rd security zone SA3 and the 5th security zone SA5.
A security policy is, for example, information that includes the IP addresses permitted to connect to the network. When permitted IP addresses are set, connections from other IP addresses are not allowed on that communication port.
In the 1st security zone SA1, a security policy is set for using the factory management devices 11 and 12 in a redundant configuration.
In the 3rd security zone SA3, a security policy is set for using the wireless network management devices 31 and 32 in a redundant configuration.
In the 5th security zone SA5, a security policy is set for driving the many field devices 51 to 5n in parallel.
Patent Document 1 describes the following technique for a control network management system: when a process control system in industrial automation is configured as a wireless control network system, tampering by a malicious third party is prevented, and process-control wireless communication signals that require guaranteed priority and strict real-time performance coexist on the same network with signals that require less real-time performance.
Patent Document 1: Japanese Unexamined Patent Publication No. 2011-142441
Summary of the invention
However, in the structure of Fig. 3, when a wireless network management device is newly connected, the network boundary must be guarded with a firewall, and installing the firewall incurs cost.
Furthermore, the security of the 3rd security zone SA3, which serves the maintenance terminal directly connected to the wireless network management devices and the redundancy, must be considered, so the management of security policies becomes complicated.
In addition, not only firewalls but also devices such as network switches for constituting the redundancy network must be installed.
Also, depending on the network structure, the communication that controls the redundant configuration may pass through other networks and thereby affect those networks.
The present invention has been made in view of the existing problems described above. Its object is to make it possible to use networks of multiple security levels simultaneously by using a wireless network management device that has multiple security policies.
A further object is, by using a wireless network management device with a built-in firewall function, to ensure security without installing an external firewall and to eliminate the effort of setting up and using a redundancy network.
The object of the present invention is achieved by the following structures.
(1) A network management system, characterized by consisting of:
a 1st network to which factory management devices are connected;
a 2nd network to which field devices are connected; and
a network management device that has a firewall function and is connected to the 1st network and the 2nd network.
(2) The network management system according to (1) above, characterized in that
the network management device is made redundant by being connected via a dedicated connection line.
(3) The network management system according to (1) or (2) above, characterized in that
the network management device has multiple communication ports for connecting to multiple networks.
(4) The network management system according to (3) above, characterized in that
a security policy is assigned to each of the multiple communication ports, and the ports are connected to the multiple networks, whose security zones differ.
(5) The network management system according to any one of (1) to (4) above, characterized in that
the network management system is a network management system built on the industrial automation wireless communication standard ISA100.11a.
Effects of the invention
According to the above structure, the network management device can be used simultaneously in networks of multiple security levels.
In addition, security can be ensured without separately installing a firewall, and the trouble of setting up and using a redundancy network is eliminated.
Brief description of the drawings
Fig. 1 is a block diagram showing one embodiment of the present invention.
Fig. 2 is a block diagram showing a concrete example of the wireless network management device 61.
Fig. 3 is a block diagram showing an example of an existing network.
Detailed description of embodiments
The present invention is described below with reference to the drawings. Fig. 1 is a block diagram showing one embodiment of the present invention; parts identical to those in Fig. 3 carry the same reference numerals.
Factory management devices 11 and 12 are connected to the 1st network NW1, and these factory management devices 11 and 12 constitute the 1st security zone SA1.
Wireless network management devices 61 and 62 are connected to the 1st network NW1 and the 2nd network NW2. The wireless network management devices 61 and 62 are connected to each other by a dedicated connection line. A maintenance terminal 7 is directly connected to the wireless network management device 61 or 62. The wireless network management devices 61 and 62 and the maintenance terminal 7 constitute the 6th security zone SA6.
Field devices 51 to 5n are connected to the 2nd network NW2.
In addition to the system management function and the gateway function of the industrial automation wireless communication standard ISA100.11a, the wireless network management devices 61 and 62 also have a firewall function. Because the wireless network management devices 61 and 62 have the firewall function, they can be connected directly to each of the networks NW1 and NW2.
Also, by assigning a security policy to each port of the wireless network management devices 61 and 62, the devices can be connected to multiple networks whose security policies differ.
In addition, by using a dedicated connection line for the communication between the wireless network management devices 61 and 62, a redundant configuration can be built.
Fig. 2 is a block diagram showing a concrete example of the wireless network management device 61. In Fig. 2, a redundancy management device connection communication port 61b and a firewall function unit 61c are connected to a packet processing unit 61a.
A filtering rule setting database 61d is connected to the firewall function unit 61c, as are a maintenance terminal direct link communication port 61e, an upper network connection communication port 61f and a lower network connection communication port 61g.
In the structure of Fig. 2, the firewall function unit 61c obtains filtering rules from the filtering rule setting database 61d and operates according to them. Here, a filtering rule is information such as the list of IP addresses whose communication is not permitted on each communication port.
Based on the filtering rules obtained from the filtering rule setting database 61d, the firewall function unit 61c controls the packets it receives and sends the packets whose communication is permitted to the packet processing unit 61a.
Information is synchronized between the wireless network management devices 61 and 62 that constitute the redundant pair, so that the database in one wireless network management device (for example 61) is identical to the database in the other, paired wireless network management device (for example 62).
The communication for this database synchronization uses, for example, the redundancy management device connection communication port 61b, which directly connects one wireless network management device 61 to the other wireless network management device 62. As a result, no database synchronization traffic is carried on the upper side network NW1 or the lower side network NW2.
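The per-port filtering and dedicated-line synchronization described above can be sketched as follows. This is an added illustration, not code from the patent: the port labels follow Fig. 2, while the `PortPolicy` fields, the `db_sync` message kind, the fail-closed default for ports without a policy, and all IP addresses are assumptions constructed for the example.

```python
import copy
import ipaddress
from dataclasses import dataclass, field

# Port labels follow Fig. 2; policy fields and message kinds are assumptions.
REDUNDANCY, MAINTENANCE, UPPER, LOWER = "61b", "61e", "61f", "61g"


@dataclass
class PortPolicy:
    permit: list = field(default_factory=list)  # CIDRs allowed on this port
    deny: list = field(default_factory=list)    # CIDRs never allowed

    def allows(self, src_ip):
        addr = ipaddress.ip_address(src_ip)
        if any(addr in ipaddress.ip_network(n) for n in self.deny):
            return False
        # Empty permit list = deny-list only; else the source must be permitted.
        return not self.permit or any(
            addr in ipaddress.ip_network(n) for n in self.permit)


class ManagementDevice:
    """Models 61a (packet processing), 61c (firewall) and 61d (rule database)."""

    def __init__(self):
        self.rule_db = {}    # 61d: port label -> PortPolicy
        self.db_version = 0
        self.processed = []  # packets passed on to packet processing unit 61a
        self.dropped = []

    def set_policy(self, port, policy):
        self.rule_db[port] = policy
        self.db_version += 1

    def receive(self, port, src_ip, kind, payload=None):
        """Firewall function 61c: True if the packet is accepted."""
        if kind == "db_sync":
            # Database synchronization is honoured only on the dedicated line.
            if port != REDUNDANCY:
                self.dropped.append((port, src_ip, kind))
                return False
            version, rules = payload
            if version > self.db_version:
                self.rule_db, self.db_version = copy.deepcopy(rules), version
            return True
        policy = self.rule_db.get(port)
        if policy is None or not policy.allows(src_ip):  # fail closed
            self.dropped.append((port, src_ip, kind))
            return False
        self.processed.append((port, src_ip, kind))
        return True

    def sync_to(self, peer):
        """Send this device's rule database to the redundant peer via 61b."""
        return peer.receive(REDUNDANCY, None, "db_sync",
                            (self.db_version, self.rule_db))


def demo():
    # Constructed addresses from the RFC 5737 documentation ranges.
    dev61, dev62 = ManagementDevice(), ManagementDevice()
    dev61.set_policy(UPPER, PortPolicy(permit=["192.0.2.11/32", "192.0.2.12/32"]))
    dev61.set_policy(LOWER, PortPolicy(permit=["198.51.100.0/24"],
                                       deny=["198.51.100.66/32"]))
    dev61.set_policy(MAINTENANCE, PortPolicy(permit=["203.0.113.7/32"]))
    dev61.sync_to(dev62)
    return {
        "upper_permitted": dev62.receive(UPPER, "192.0.2.11", "data"),
        "upper_host_on_lower": dev62.receive(LOWER, "192.0.2.11", "data"),
        "lower_permitted": dev62.receive(LOWER, "198.51.100.5", "data"),
        "lower_denied": dev62.receive(LOWER, "198.51.100.66", "data"),
        "sync_via_nw1": dev62.receive(UPPER, "192.0.2.11", "db_sync", (99, {})),
        "peer_db_version": dev62.db_version,
    }


if __name__ == "__main__":
    print(demo())
```

The standby device 62 enforces the same per-port rules as 61 only because the rule database arrived over port 61b; the same synchronization message presented on the upper network port is dropped and leaves the database version unchanged.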
With the structure described above, the wireless network management devices 61 and 62 can be connected to the multiple networks NW1 and NW2, whose security levels differ.
The wireless network management devices 61 and 62 can be placed on the boundary between security levels without using a separate firewall.
Because the wireless network management devices 61 and 62 are connected directly to each other by a dedicated connection line, no network needs to be built for the redundant configuration, and redundancy is easily achieved.
Also, since the communication needed for the wireless network management devices 61 and 62 to operate in a redundant configuration is carried out via the dedicated connection line, it does not affect other networks. The dedicated connection line in this case is not limited to a network cable; client cables or the backplane of a printed wiring board may also be used.
In the above embodiment, the network management device has been described using the example of a wireless network management device, but the invention is not limited to this, and the same effect is obtained with a wired network management device.
As described above, according to the present invention, a network management system can be realized that, by using wireless network management devices with a built-in firewall function, can be used simultaneously in networks of multiple security levels, ensures security without an external firewall, and eliminates the effort of setting up and using a redundancy network.
The above description merely presents specific preferred embodiments for the purpose of explaining and illustrating the present invention. The present invention is therefore not limited to the above embodiments and includes further changes and modifications within a scope that does not depart from its spirit.
This application is based on a Japanese patent application filed on June 25, 2012 (Japanese Patent Application No. 2012-142224), the contents of which are incorporated herein by reference.
Explanation of reference numerals
11, 12 factory management devices
51 to 5n field devices
61, 62 wireless network management devices
61a packet processing unit
61b redundancy management device connection communication port
61c firewall function unit
61d filtering rule setting database
61e maintenance terminal direct link communication port
61f upper network connection communication port
61g lower network connection communication port
Claims (4)
1. A network management system, characterized by consisting of:
a 1st network to which factory management devices are connected;
a 2nd network to which field devices are connected; and
multiple network management devices that have a firewall function and a database, the multiple network management devices being connected to the 1st network and the 2nd network,
wherein the multiple network management devices are made redundant by being connected via a dedicated connection line, and the dedicated connection line is used to synchronize the database of one network management device of the multiple network management devices with the database of another network management device of the multiple network management devices.
2. The network management system according to claim 1, characterized in that
the network management device has multiple communication ports for connecting to multiple networks.
3. The network management system according to claim 2, characterized in that
a security policy is assigned to each of the multiple communication ports, and the ports are connected to the multiple networks, whose security zones differ.
4. The network management system according to any one of claims 1 to 3, characterized in that
the network management system is a network management system built on the industrial automation wireless communication standard ISA100.11a.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012-142224 | 2012-06-25 | ||
JP2012142224A JP5445626B2 (en) | 2012-06-25 | 2012-06-25 | Network management system |
PCT/JP2013/065419 WO2014002699A1 (en) | 2012-06-25 | 2013-06-04 | Network management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103650634A CN103650634A (en) | 2014-03-19 |
CN103650634B true CN103650634B (en) | 2017-05-31 |
Family
ID=49782865
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201380001913.9A Active CN103650634B (en) | 2012-06-25 | 2013-06-04 | Nms |
Country Status (5)
Country | Link |
---|---|
US (1) | US10003575B2 (en) |
EP (1) | EP2874466B1 (en) |
JP (1) | JP5445626B2 (en) |
CN (1) | CN103650634B (en) |
WO (1) | WO2014002699A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5601353B2 (en) * | 2012-06-29 | 2014-10-08 | 横河電機株式会社 | Network management system |
JP5556858B2 (en) * | 2012-06-29 | 2014-07-23 | 横河電機株式会社 | Network management system |
US11165602B2 (en) * | 2017-10-31 | 2021-11-02 | Murata Machinery, Ltd. | Communication system, controlled device, and control method for communication system |
WO2019123523A1 (en) | 2017-12-18 | 2019-06-27 | 日本電気株式会社 | Communication device, communication system, communication control method, and program |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1602610A (en) * | 2001-08-03 | 2005-03-30 | 波音公司 | An airborne security manager |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020188700A1 (en) * | 2001-06-08 | 2002-12-12 | Todd Steitle | System and method of interactive network system design |
US7302700B2 (en) * | 2001-09-28 | 2007-11-27 | Juniper Networks, Inc. | Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device |
US7197660B1 (en) * | 2002-06-26 | 2007-03-27 | Juniper Networks, Inc. | High availability network security systems |
FR2844415B1 (en) * | 2002-09-05 | 2005-02-11 | At & T Corp | FIREWALL SYSTEM FOR INTERCONNECTING TWO IP NETWORKS MANAGED BY TWO DIFFERENT ADMINISTRATIVE ENTITIES |
US20050240989A1 (en) * | 2004-04-23 | 2005-10-27 | Seoul National University Industry Foundation | Method of sharing state between stateful inspection firewalls on mep network |
US7941837B1 (en) * | 2007-04-18 | 2011-05-10 | Juniper Networks, Inc. | Layer two firewall with active-active high availability support |
US8782771B2 (en) | 2007-06-19 | 2014-07-15 | Rockwell Automation Technologies, Inc. | Real-time industrial firewall |
CN101834831A (en) * | 2009-03-13 | 2010-09-15 | 华为技术有限公司 | Method, device and system for realizing redundant backup of network address translation (NAT) equipment |
US8826413B2 (en) * | 2009-12-30 | 2014-09-02 | Motorola Solutions, Inc. | Wireless local area network infrastructure devices having improved firewall features |
JP4900487B2 (en) | 2010-01-06 | 2012-03-21 | 横河電機株式会社 | Control network management system |
JP5110406B2 (en) * | 2010-03-01 | 2012-12-26 | 横河電機株式会社 | Field communication management device |
JP5041257B2 (en) * | 2010-04-22 | 2012-10-03 | 横河電機株式会社 | Field communication system and field communication method |
JP5581141B2 (en) * | 2010-07-29 | 2014-08-27 | 株式会社Pfu | Management server, communication cutoff device, information processing system, method, and program |
JP5494816B2 (en) * | 2010-10-20 | 2014-05-21 | 日本電気株式会社 | COMMUNICATION CONTROL DEVICE, SYSTEM, METHOD, AND PROGRAM |
US8446818B2 (en) * | 2010-11-01 | 2013-05-21 | Avaya Inc. | Routed split multi-link trunking resiliency for wireless local area network split-plane environments |
JP2012226680A (en) * | 2011-04-22 | 2012-11-15 | Internatl Business Mach Corp <Ibm> | Management system, management method and management program for managing industrial control system |
US9270642B2 (en) * | 2011-10-13 | 2016-02-23 | Rosemount Inc. | Process installation network intrusion detection and prevention |
-
2012
- 2012-06-25 JP JP2012142224A patent/JP5445626B2/en active Active
-
2013
- 2013-06-04 WO PCT/JP2013/065419 patent/WO2014002699A1/en active Application Filing
- 2013-06-04 US US14/129,215 patent/US10003575B2/en active Active
- 2013-06-04 CN CN201380001913.9A patent/CN103650634B/en active Active
- 2013-06-04 EP EP13805217.0A patent/EP2874466B1/en active Active
Non-Patent Citations (1)
Title |
---|
Application of trusted network technology to industrial control networks; Hamed Okhravi, David M. Nicol; International Journal of Critical Infrastructure Protection 2 (2009); 20091001; abstract, pages 85-91, Fig. 2 * |
Also Published As
Publication number | Publication date |
---|---|
JP5445626B2 (en) | 2014-03-19 |
CN103650634A (en) | 2014-03-19 |
EP2874466B1 (en) | 2017-08-09 |
EP2874466A1 (en) | 2015-05-20 |
JP2014007588A (en) | 2014-01-16 |
US20150222599A1 (en) | 2015-08-06 |
EP2874466A4 (en) | 2016-02-17 |
WO2014002699A1 (en) | 2014-01-03 |
US10003575B2 (en) | 2018-06-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106571977B (en) | Data transmission method and device | |
CN103650634B (en) | Nms | |
CN108156074A (en) | Pretection switch method, the network equipment and system | |
CN102780635B (en) | The method of pretection switch, TOR switch and system is realized based on TRILL network | |
CN100481832C (en) | Communication device, edge router device, server device, communication system and communication method | |
CN102045409B (en) | Network penetrating method and network communication system | |
CN105451219B (en) | Data integration method and device | |
CN106209430A (en) | The method of a kind of wireless network extension and wireless router | |
CN105871674A (en) | Ring protection link fault protection method, device and system | |
GB2500846A (en) | Network system, network apparatus, and network information setting method | |
Roosta et al. | An intrusion detection system for wireless process control systems | |
CN106413127A (en) | Method and system for connecting relay device with remote network management server, and the relay device | |
CN102197680A (en) | Wireless communication system, wireless communication method thereof, repeater devices and wireless terminal devices | |
CN102984175A (en) | Front-end monitoring equipment without IP and agent device | |
CN108966363A (en) | A kind of connection method for building up and device | |
CN108141399A (en) | For preventing the method and apparatus of the manipulation at CAN bus by being connected to the node in bus by means of CAN controller | |
CN103067216A (en) | Reverse communication method of crossing safety zone, device and system | |
CN107431971A (en) | Wireless invasive system of defense sensor and the method using the sensor disconnected end | |
CN103944824B (en) | Communication system and network repeater | |
CN103069751A (en) | Network information processing system, network information processing apparatus, and information processing method | |
CN107154948A (en) | A kind of multi-protocol data exchange method applied to car launcher information control system | |
CN104580346A (en) | Data transmission method and device | |
CN105632385A (en) | LED display screen blind spot detection method and detection device thereof | |
CN103945394A (en) | Wireless access point device, network system and network automatic configuration method thereof | |
CN104641594B (en) | Multicast message updates |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |